Report: Fewer data breaches, but greater ability to control costs
While the number of data breaches decreased slightly during the past year, healthcare organizations have improved their ability to control data breach costs, according to the Ponemon Institute's “Fourth Annual Benchmark Study on Patient Privacy & Data Security,” which was funded by ID Experts.
The institute interviewed 388 individuals working in compliance, IT, patient services and privacy at 91 healthcare organizations.
In the study, 90 percent of healthcare organizations surveyed had at least one data breach in the past two years while 38 percent reported that they have had more than five incidents. This represents a decline from last year’s report, when 45 percent of organizations had more than five breaches.
“This coupled with an increase in organizations’ level of confidence in data breach detections suggests that modest improvements have been made in reducing threats to patient data,” according to report authors.
Meanwhile, healthcare organizations have improved their ability to control data breach costs, which can range from less than $10,000 to more than $1 million. The institute found that the economic impact of data breaches decreased almost 17 percent since last year.
Among other report’s findings:
- The Accountable Care Act increases risk to patient privacy and information security
- Accountable care organization participation increases data breach risks
- Confidence in health information exchanges remains low
- Criminal attacks on healthcare organizations increased 100 percent since 2010
- Employee negligence is considered the biggest security risk
- Half of healthcare organizations are compliant with the post-incident risk assessment requirements in the HIPAA final rule
- Healthcare organizations don’t trust business associates with sensitive patient information
- Organizations rely on policies and procedures to achieve compliance and secure sensitive information
Access the report here.